📃Improper Token Validation in Permit Signature

Vulnerability: Improper Token Validation in Permit Signature

A critical vulnerability can arise when smart contracts implement a permit function but fail to validate the correct token involved in the transfer. This type of vulnerability can be exploited when the contract assumes that a specific token is being transferred (e.g., USDC), but the permit mechanism allows any ERC-20 token to be approved and transferred without verification. This leaves the contract open to attacks where users can deposit other tokens and exploit the system.

This section explains this vulnerability in detail, using a common scenario where the permit signature does not validate the token being transferred, and how it can lead to financial losses.

How the Vulnerability Works

The permit function in smart contracts is designed to allow users to authorize the transfer of tokens via an off-chain signature, without needing to pay gas fees for the approval on-chain. This mechanism is especially useful for improving user experience in decentralized finance (DeFi). However, when implementing this mechanism, it's critical to validate the token being authorized to prevent unauthorized or unintended token transfers.

When a contract accepts a permit signature to authorize the transfer of tokens, it typically checks that the user has signed a valid transaction for a specific token. In some cases, however, the contract might skip a crucial validation step: verifying that the token being transferred matches the expected token (e.g., USDC).

If this validation is missing, the contract will accept any token that is signed using the permit, allowing an attacker to exploit this by authorizing a different token instead of the intended one.

Example Scenario

Let's break down a typical exploit scenario where this vulnerability could occur:

1. Setup:

   • A DeFi contract (e.g., a vault) allows users to deposit USDC by providing a signature for a permit transfer through a third-party mechanism like Uniswap's Permit2.

   • The vault expects to receive only USDC tokens.

2. Signature Creation:

   • A user (or attacker) generates an off-chain signature using Permit2 to allow the transfer of tokens.

   • Instead of authorizing USDC, the attacker signs the transfer of an unrelated ERC-20 token (e.g., a low-value token).

3. Token Transfer:

   • The attacker submits the permit signature to the vault contract.

   • The vault contract calls Permit2 to validate and transfer the token, but the vault does not check whether the token being transferred is USDC. It simply checks whether the signature is valid.

4. Exploit:

   • Because the vault does not verify that the transferred token is USDC, it accepts the other token (e.g., the low-value token) as if it were USDC.

   • The vault processes the deposit or other interactions as though USDC were transferred, potentially allowing the attacker to withdraw actual USDC or other valuable assets from the vault in exchange for the low-value tokens.

Impact

This type of vulnerability can have devastating financial consequences for smart contracts that rely on token validation during permit-based transfers. In the worst-case scenario, an attacker could drain valuable tokens (such as USDC) from the contract by substituting them with worthless or low-value ERC-20 tokens. The impact of such an exploit could include:

• Loss of User Funds: Users' deposits in USDC or other valuable tokens can be stolen.

• Depletion of Vault Assets: The vault or protocol managing the tokens could lose significant reserves if attackers continue to exploit the missing validation.

• Loss of Trust: DeFi protocols with this vulnerability may suffer reputational damage, as users become wary of depositing assets.

Mitigation Strategies

To prevent this vulnerability, contracts implementing permit signatures must perform proper validation of the token being transferred. The following steps can help ensure secure implementation:

1. Validate the Token in Permit Signature:

   • Ensure that the contract checks the token field in the PermitTransferFrom struct and verifies that it matches the expected token (e.g., USDC).